TechSpot

Google redirection - Searchbif

Inactive
By LainWhite
Mar 3, 2012
Topic Status:
Not open for further replies.
  1. Google search results would intermittently get redirected via "searchbif". Since running these preliminary scans it seems to have halted, but seeing as it wasn't a consistent occurrence to begin with, better safe than sorry. Thanks in advance for assistance.

    -----------------

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.03.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    C :: SHELL-02 [administrator]

    03/03/2012 12:25:03
    mbam-log-2012-03-03 (12-25-03).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 212977
    Time elapsed: 4 minute(s), 37 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Users\C\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-03 13:09:40
    Windows 6.1.7601 Service Pack 1
    Running: pv8q7o43.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEF 0xD0 0xF3 0x06 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCA 0x2B 0xA0 0xDB ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEF 0xD0 0xF3 0x06 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCA 0x2B 0xA0 0xDB ...

    ---- EOF - GMER 1.0.15 ----


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_21
    Run by C at 13:14:18 on 2012-03-03
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.8169.6010 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\UnsignedThemesSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\IProsetMonitor.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\svchost.exe -k LPDService
    C:\Windows\system32\lxbccoms.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\explorer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    uWinlogon: Shell=expstart.exe
    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    uRun: [Steam] "M:\Vidya\Steam\steam.exe" -silent
    uRun: [Google Update] "C:\Users\C\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
    uRun: [F.lux] "C:\Users\C\Local Settings\Apps\F.lux\flux.exe" /noshow
    uRun: [RGSC] M:\Vidya\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
    uRun: [uTorrent] "M:\Programs\uTorrent\uTorrent.exe" /MINIMIZED
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    StartupFolder: C:\Users\C\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Default.lnk - C:\Users\C\AppData\Roaming\Realtime Soft\UltraMon\3.0.10\Profiles\Default.umprofile
    StartupFolder: C:\Users\C\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\C\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    TCP: DhcpNameServer = 217.20.29.9 217.20.22.2
    TCP: Interfaces\{173950EF-CEC4-47A5-A9A2-AB68DC4302F9} : DhcpNameServer = 217.20.29.9 217.20.22.2
    TCP: Interfaces\{F9CDAE58-E59C-4CEE-B760-19FC33CB8CE9} : DhcpNameServer = 217.20.29.9 217.20.22.2
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO-X64: IDM Helper - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Foxit Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: Foxit Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    Hosts: 87.229.126.50 www.google.com
    Hosts: 87.229.126.51 www.bing.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\C\AppData\Roaming\Mozilla\Firefox\Profiles\qags5fby.default\
    FF - prefs.js: browser.startup.homepage - www.google.co.uk
    FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll
    FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
    FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
    FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
    FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
    FF - component: C:\Users\C\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
    FF - component: C:\Users\C\AppData\Roaming\Mozilla\Firefox\Profiles\qags5fby.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\C\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Users\C\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
    R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
    R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
    R2 lxbc_device;lxbc_device;C:\Windows\system32\lxbccoms.exe -service --> C:\Windows\system32\lxbccoms.exe -service [?]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-30 2253120]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    R2 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168]
    R2 uxpatch;uxpatch;\??\C:\Windows\system32\drivers\uxpatch.sys --> C:\Windows\system32\drivers\uxpatch.sys [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe --> c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-03-03 12:23:57 -------- d-----w- C:\Users\C\AppData\Roaming\Malwarebytes
    2012-03-03 12:23:30 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-03-03 12:23:29 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-03 12:23:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-02-21 16:18:27 406528 ----a-w- C:\Windows\SysWow64\ReWire.dll
    2012-02-21 16:18:27 338432 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
    2012-02-17 05:11:17 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
    2012-02-17 04:21:21 133800 ----a-w- C:\Windows\System32\IPROSetMonitor.exe
    2012-02-17 04:21:00 314568 ----a-r- C:\Windows\System32\PROUnstl.exe
    2012-02-17 04:20:19 68264 ----a-w- C:\Windows\System32\e1cmsg.dll
    2012-02-17 04:20:19 36472 ----a-w- C:\Windows\System32\NicCo36.dll
    2012-02-17 04:20:19 313520 ----a-w- C:\Windows\System32\drivers\e1c62x64.sys
    2012-02-17 04:20:17 91840 ----a-w- C:\Windows\System32\NicInstC.dll
    2012-02-17 03:23:19 -------- d-----w- C:\Windows\SysWow64\Wat
    2012-02-17 03:23:18 -------- d-----w- C:\Windows\System32\Wat
    2012-02-06 12:08:10 -------- d-----w- C:\Users\C\AppData\Roaming\The Longest Journey
    2012-02-04 12:39:03 -------- d-----w- C:\Users\C\AppData\Local\Black_Tree_Gaming
    .
    ==================== Find3M ====================
    .
    2012-03-02 07:46:05 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-17 03:23:38 419840 ----a-w- C:\Windows\System32\systemcpl.dll
    2012-02-17 03:23:38 14848 ----a-w- C:\Windows\System32\slwga.dll
    2012-02-17 03:23:38 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
    2012-02-17 03:23:37 833024 ----a-w- C:\Windows\SysWow64\user32.dll
    2012-02-17 03:23:37 1008640 ----a-w- C:\Windows\System32\user32.dll
    2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-12-28 00:08:47 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-12-28 00:08:47 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-12-28 00:04:57 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2011-12-26 18:49:14 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2011-12-26 18:49:14 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2011-12-26 18:49:13 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2011-12-26 18:49:13 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2011-12-16 08:46:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll
    2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 13:14:46.83 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 30/08/2010 08:05:45
    System Uptime: 03/03/2012 12:33:15 (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P8Z68-V
    Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz | LGA1155 | 3301/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 153 GiB total, 30.76 GiB free.
    D: is CDROM ()
    E: is CDROM (UDF)
    F: is CDROM (UDF)
    G: is CDROM (UDF)
    H: is CDROM (CDFS)
    I: is CDROM (CDFS)
    M: is FIXED (NTFS) - 932 GiB total, 241.669 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: USB\VID_0CF3&PID_3000\6&DF2EE03&0&7
    Manufacturer:
    Name:
    PNP Device ID: USB\VID_0CF3&PID_3000\6&DF2EE03&0&7
    Service:
    .
    Class GUID:
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&DDEC341&0&00E1
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&DDEC341&0&00E1
    Service:
    .
    Class GUID:
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_8086&DEV_1C3A&SUBSYS_844D1043&REV_04\3&11583659&0&B0
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_8086&DEV_1C3A&SUBSYS_844D1043&REV_04\3&11583659&0&B0
    Service:
    .
    Class GUID:
    Description: SM Bus Controller
    Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_844D1043&REV_05\3&11583659&0&FB
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_844D1043&REV_05\3&11583659&0&FB
    Service:
    .
    Class GUID:
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&108ABD8A&0&00E4
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&108ABD8A&0&00E4
    Service:
    .
    ==== System Restore Points ===================
    .
    RP295: 24/02/2012 07:45:30 - Scheduled Checkpoint
    RP296: 02/03/2012 11:25:24 - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Amazon MP3 Downloader 1.0.9
    AMK MOD 1.4.0.22
    Anachronox
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    Assassin's Creed
    Assassin's Creed II
    µTorrent
    Audacity 1.2.6
    Audiokinetic Wwise v2011.2.2 build 4007
    BOSS
    Cave Story+
    Command & Conquer Red Alert 2
    Creation Kit
    D3DX10
    Dawn of War - Dark Crusade
    dBpoweramp Music Converter
    Deus Ex
    Deus Ex Human Revolution Augmented Edition Bonus Content
    Deus Ex: Human Revolution
    Divine Wind version 5.1
    Driver Sweeper 2.1.0
    Dropbox
    Dual-Core Optimizer
    Europa Universalis III
    F.lux
    FileZilla Client 3.3.5.1
    FMOD Designer
    Foxit Reader
    Frozen Synapse
    GOM Player
    GOMTV Streamer
    Google Chrome
    Grand Theft Auto IV
    Grand Theft Auto: San Andreas
    Guitar Pro 5.2
    Internet Download Manager
    Jamestown
    Java Auto Updater
    Java(TM) 6 Update 16
    Java(TM) 6 Update 21
    Just Cause 2
    Katawa Shoujo
    LAME v3.98.2 for Audacity
    Last.fm 1.5.4.27091
    LastPass (uninstall only)
    Linux Mint
    LOSI 0.4.5
    M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1
    Malwarebytes Anti-Malware version 1.60.1.1000
    Mass Effect
    Medieval II: Total War
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
    Microsoft Flight Simulator X
    Microsoft Flight Simulator X Service Pack 1
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 4.0
    MIDI Tracker
    mIRC
    Mozilla Firefox 10.0.2 (x86 en-GB)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Musical Palette - Melody Composing Tool 3.7
    Native Instruments Absynth 5
    Native Instruments FM8
    Native Instruments Komplete 6
    Native Instruments Kontakt 4
    Native Instruments Massive
    Native Instruments Reaktor 5
    Native Instruments Service Center
    Network Addon Mod Version 29
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Oblivion
    Oblivion - Knights of the Nine
    Oblivion - Orrery
    Oblivion - The Fighter's Stronghold
    Oblivion Face Exchange Lite
    Oblivion mod manager 1.1.12
    OpenAL
    OpenOffice.org 3.1
    Operation Optimization v1.1.1
    PDFCreator
    PowerISO
    Project SAM Symphobia 1.0
    PunkBuster Services
    Python 2.6 psyco-1.6
    Python 2.6 pywin32-214
    Python 2.6.5
    QuickTime
    Rainlendar2 (remove only)
    Reason 5.0
    rgc:audio sfz VSTi v1.96
    RocketDock 1.3.5
    Rome: Total War Gold Edition
    S.T.A.L.K.E.R. - Shadow of Chernobyl
    Saints Row: The Third
    ScummVM 1.2.0
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    SFPack
    Sibelius 6
    Sid Meier's Alpha Centauri
    Sid Meier's Civilization IV: Beyond the Sword
    Sid Meier's Civilization V
    Skype Toolbars
    Skype™ 5.1
    SpeedFan (remove only)
    Steam
    Steinberg Cubase 5
    Steinberg Drum Loop Expansion 01
    Steinberg Groove Agent ONE Content
    Steinberg HALionOne
    Steinberg HALionOne Additional Content Set 01
    Steinberg HALionOne Expression Set
    Steinberg HALionOne GM Drum Set
    Steinberg HALionOne GM Set
    Steinberg HALionOne Pro Set
    Steinberg HALionOne Studio Drum Set
    Steinberg HALionOne Studio Set
    Steinberg LoopMash Content
    Steinberg REVerence Content 01
    Super Meat Boy
    System Requirements Lab
    System Requirements Lab CYRI
    Terraria
    The Elder Scrolls V: Skyrim
    The Longest Journey
    Ubisoft Game Launcher
    Unity Web Player
    Unofficial Oblivion Patch v3.2.0
    Unofficial Shivering Isles Patch v1.4.0
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    VLC media player 1.1.11
    Warhammer® 40,000®: Dawn of War® II – Retribution™ Beta
    Westwood Shared Internet Components
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Wrye Bash
    wxPython 2.8.11.0 (ansi) for Python 2.6
    Xiph.Org Open Codecs 0.85.17777
    .
    ==== Event Viewer Messages From Past Week ========
    .
    29/02/2012 08:39:15, Error: Service Control Manager [7043] - The AVG WatchDog service did not shut down properly after receiving a preshutdown control.
    29/02/2012 08:38:42, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
    29/02/2012 08:38:06, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    29/02/2012 08:37:30, Error: Service Control Manager [7022] - The Server service hung on starting.
    28/02/2012 23:34:32, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
    01/03/2012 20:33:19, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
    .
    ==== End Of File ===========================
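The DDS report above carries three kinds of indicator a responder looks for first: `Hosts:` lines that map a search engine to a public address, a Winlogon `Shell` value other than the Windows default `explorer.exe`, and UAC policy values set to 0. The script below is an added example, not part of this thread or of DDS. It parses a small set of lines copied from the report above (a constructed subset, enough to exercise each check) and flags them for review. The indicator names, the "benign target" rule for hosts entries (loopback or 0.0.0.0 only) and the Winlogon default table are this example's own assumptions.

```python
"""Triage a DDS 'Pseudo HJT Report' for the indicators seen in this thread.

Added example; not a tool from the thread. SAMPLE_REPORT is a constructed
subset of lines copied from the DDS log posted above.
"""
import ipaddress
import ntpath
import re

SAMPLE_REPORT = """\
mWinlogon: Userinit=userinit.exe,
uWinlogon: Shell=expstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 217.20.29.9 217.20.22.2
Hosts: 87.229.126.50 www.google.com
Hosts: 87.229.126.51 www.bing.com
Hosts: 127.0.0.1 localhost
"""

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
WINLOGON_RE = re.compile(r"^[um]Winlogon:\s+(Shell|Userinit)=(.*)$")
POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")

# Windows defaults (assumption of this example): exactly one entry each.
# Any extra comma-separated entry is a persistence trick, since Winlogon
# launches every listed program alongside the real one.
WINLOGON_DEFAULTS = {"Shell": "explorer.exe", "Userinit": "userinit.exe"}

# UAC policy values that remove the elevation prompt entirely.
UAC_WEAK = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0",
            "PromptOnSecureDesktop": "0"}


def benign_hosts_target(ip):
    """A hosts entry is harmless if it points at loopback or 0.0.0.0 (ad blocking)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # not a literal address at all: treat as suspicious
    return addr.is_loopback or addr.is_unspecified


def check_winlogon(key, value):
    """Return a finding if Shell/Userinit is not the single default program."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    if not entries:
        return None
    first = ntpath.basename(entries[0]).lower()
    if first != WINLOGON_DEFAULTS[key] or len(entries) > 1:
        return ("winlogon_" + key.lower(), value.strip())
    return None


def triage(report):
    """Return (indicator, detail) pairs for every suspicious line in the report."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            if not benign_hosts_target(ip):
                findings.append(("hosts_hijack", f"{host} -> {ip}"))
            continue
        m = WINLOGON_RE.match(line)
        if m:
            finding = check_winlogon(*m.groups())
            if finding:
                findings.append(finding)
            continue
        m = POLICY_RE.match(line)
        if m:
            name, val = m.groups()
            if UAC_WEAK.get(name) == val:
                findings.append(("uac_weakened", f"{name} = {val}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_REPORT):
        print(f"{kind:15} {detail}")
```

To use it on a real log, pass the contents of the saved DDS text file to `triage()`; the script only reads the report and changes nothing on the machine. Against the sample it reports the two hijacked hosts entries, the non-default `Shell` value, and the three UAC policies; the `TCP: DhcpNameServer` line is deliberately left alone, since whether those resolvers are legitimate cannot be decided from the log itself.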
  2. Bobbye


    Welcome to TechSpot! Your searches are/were being redirected because the hosts file was hijacked and sent to a site in China. There are also a few entries to remove:

    I'd like you to run Combofix, but it won't run with AVG. You will need to temporarily uninstall AVG as follows:

    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop > click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: choose only one antivirus program to install.
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan. Uninstall directions, if needed:
    • Click START > then RUN
    • Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the U; it needs to be there.
    --------------------------------------
    Before you run the Combofix scan, please disable any security software you have running.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install; just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated and will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =============================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =======================================
    Please update the following:
    Note: Check each download screen for any pre-checked Toolbars or BHOs. Uncheck them before the download.
    Adobe Reader > Current is vX(10.xx)> Adobe Reader Update
    Java(TM) > Java Updates .
    Uninstall any earlier versions of both, as they are vulnerabilities for the system. There are 2 outdated Java versions on the system.
    ----------------------
    Example of pre-check on download site: When you got FoxIt, the AskBar was pre-checked and now you have it on the system. Please uninstall the AskBar in Add/Remove Programs and use Windows Explorer to access Computer> Local Drive (C)> Programs> find the AskBar program folder and do a right click> Delete.
    =================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.

    If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.
    ===================================
    Please leave the logs in your next reply.
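The hijack described in the post above (a hosts file repointing search-engine names at an attacker-controlled address) is easy to audit for. The script below is an added example for this thread, not a tool posted by either participant or part of TechSpot's instructions: it parses a Windows-style hosts file and flags any entry that sends a watched search domain, or a subdomain of one, anywhere other than a loopback or unspecified address. The watched-domain list is illustrative, and the sample hosts content is constructed; the 203.0.113.x and 198.51.100.x addresses are reserved documentation ranges, not real servers.

```python
"""Audit a Windows hosts file for search-engine redirect entries.

Added example for this thread; not a tool from the thread or from TechSpot.
The sample hosts content below is constructed, and its IP addresses come
from documentation ranges (RFC 5737), not from any real infrastructure.
"""
import ipaddress

# Domains a hosts-file hijacker typically repoints to its own server.
# Assumption: this list is illustrative; extend it for your environment.
WATCHED_DOMAINS = {
    "google.com", "www.google.com", "google.co.uk", "www.google.co.uk",
    "bing.com", "www.bing.com", "yahoo.com", "search.yahoo.com",
}


def _is_benign_target(ip_text):
    """Loopback and unspecified addresses are the only normal hosts-file
    targets for these names (ad-block lists map hosts to 0.0.0.0/127.0.0.1)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def parse_hosts(text):
    """Return (line_no, ip, hostname) tuples for every mapping in a hosts file.

    Comments ("# ...") and blank lines are skipped. One IP may be followed by
    several hostnames on the same line; each hostname becomes its own tuple.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            entries.append((line_no, ip, name.lower().rstrip(".")))
    return entries


def find_hijacks(text, watched=WATCHED_DOMAINS):
    """Return entries that send a watched domain (or a subdomain of one)
    somewhere other than a loopback/unspecified address."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        hit = name in watched or any(name.endswith("." + d) for d in watched)
        if hit and not _is_benign_target(ip):
            findings.append({"line": line_no, "host": name, "ip": ip})
    return findings


# Constructed sample: a default Windows hosts header with an ad-block style
# entry and two hijack lines appended (203.0.113.17 is a TEST-NET-3 address).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
#    ::1             localhost
0.0.0.0        ads.example.net              # ad-block style entry, benign
203.0.113.17   www.google.com google.com    # constructed hijack
203.0.113.17   www.google.co.uk
"""

if __name__ == "__main__":
    for f in find_hijacks(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['ip']} (redirected away from loopback)")
```

On a live machine the text to audit is the contents of %SystemRoot%\System32\drivers\etc\hosts; read that file and pass it to find_hijacks(). Entries that map names to 0.0.0.0 or 127.0.0.1 are deliberately not flagged, since ad-blocking hosts lists use exactly that pattern.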
  3. LainWhite

    LainWhite TS Rookie Topic Starter

    ComboFix 12-03-02.01 - C 03/03/2012 15:51:13.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.8169.6245 [GMT 0:00]
    Running from: c:\users\C\Desktop\ComboFix.exe
    AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
    SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\C\AppData\Roaming\IDM\idmmzcc3
    c:\users\C\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
    c:\users\C\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
    c:\users\C\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
    c:\users\C\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
    c:\users\C\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper.js
    c:\users\C\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper2.js
    c:\users\C\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc.dll
    c:\users\C\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper.xpt
    c:\users\C\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper2.xpt
    c:\users\C\AppData\Roaming\IDM\idmmzcc3\components2\iIDMMzCC.xpt
    c:\users\C\AppData\Roaming\IDM\idmmzcc3\install.js
    c:\users\C\AppData\Roaming\IDM\idmmzcc3\install.rdf
    c:\users\C\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
    c:\users\C\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
    c:\users\C\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
    M:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-03 15:55 . 2012-03-03 15:55 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-03-03 15:55 . 2012-03-03 15:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-03 15:43 . 2012-03-03 15:44 -------- d-----w- c:\programdata\Comodo
    2012-03-03 15:42 . 2012-03-03 15:43 -------- d-----w- c:\program files\COMODO
    2012-03-03 15:42 . 2012-03-03 15:42 -------- d-----w- c:\program files (x86)\Comodo
    2012-03-03 15:42 . 2012-03-03 15:42 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
    2012-03-03 15:42 . 2012-03-03 15:42 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
    2012-03-03 12:23 . 2012-03-03 12:23 -------- d-----w- c:\users\C\AppData\Roaming\Malwarebytes
    2012-03-03 12:23 . 2012-03-03 12:23 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-03 12:23 . 2012-03-03 12:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-03-03 12:23 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-21 16:18 . 2012-02-21 16:18 406528 ----a-w- c:\windows\SysWow64\ReWire.dll
    2012-02-21 16:18 . 2012-02-21 16:18 338432 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
    2012-02-17 05:11 . 2012-02-17 05:11 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
    2012-02-17 04:21 . 2010-08-12 15:00 133800 ----a-w- c:\windows\system32\IPROSetMonitor.exe
    2012-02-17 04:21 . 2012-02-17 04:21 -------- d-----w- c:\program files\Intel
    2012-02-17 04:21 . 2010-05-07 09:41 314568 ----a-r- c:\windows\system32\PROUnstl.exe
    2012-02-17 04:20 . 2010-09-21 06:34 313520 ----a-w- c:\windows\system32\drivers\e1c62x64.sys
    2012-02-17 04:20 . 2010-07-30 16:56 68264 ----a-w- c:\windows\system32\e1cmsg.dll
    2012-02-17 04:20 . 2009-05-26 02:05 36472 ----a-w- c:\windows\system32\NicCo36.dll
    2012-02-17 04:20 . 2010-07-26 17:30 91840 ----a-w- c:\windows\system32\NicInstC.dll
    2012-02-17 03:23 . 2012-02-17 03:23 -------- d-----w- c:\windows\SysWow64\Wat
    2012-02-17 03:23 . 2012-02-17 03:23 -------- d-----w- c:\windows\system32\Wat
    2012-02-06 12:08 . 2012-02-06 12:47 -------- d-----w- c:\users\C\AppData\Roaming\The Longest Journey
    2012-02-04 12:39 . 2012-02-04 12:39 -------- d-----w- c:\users\C\AppData\Local\Black_Tree_Gaming
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-02 07:46 . 2011-05-14 14:06 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-17 03:23 . 2011-06-21 15:45 419840 ----a-w- c:\windows\system32\systemcpl.dll
    2012-02-17 03:23 . 2011-06-21 15:45 14848 ----a-w- c:\windows\system32\slwga.dll
    2012-02-17 03:23 . 2011-06-21 15:45 13824 ----a-w- c:\windows\SysWow64\slwga.dll
    2012-02-17 03:23 . 2011-06-21 15:46 1008640 ----a-w- c:\windows\system32\user32.dll
    2012-02-17 03:23 . 2011-06-21 15:46 833024 ----a-w- c:\windows\SysWow64\user32.dll
    2012-01-17 21:00 . 2012-01-17 21:00 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-12-28 00:08 . 2010-12-21 12:22 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-12-28 00:08 . 2010-12-21 12:21 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-12-28 00:04 . 2010-12-21 12:21 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2011-12-26 18:49 . 2010-11-28 03:17 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2011-12-26 18:49 . 2010-11-28 03:17 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2011-12-26 18:49 . 2010-11-28 03:17 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2011-12-26 18:49 . 2010-11-28 03:17 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2011-12-19 18:59 . 2011-12-19 18:59 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-12-19 18:59 . 2011-12-19 18:59 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-12-19 18:59 . 2011-12-19 18:59 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-12-19 18:58 . 2011-12-19 18:58 41200 ----a-w- c:\windows\system32\cmdcsr.dll
    2011-12-19 18:58 . 2011-12-19 18:58 389840 ----a-w- c:\windows\system32\guard64.dll
    2011-12-19 18:58 . 2011-12-19 18:58 301224 ----a-w- c:\windows\SysWow64\guard32.dll
    2011-12-05 12:21 . 2011-12-05 12:21 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-12-05 12:21 . 2011-12-05 12:21 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-12-05 12:21 . 2011-12-05 12:21 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
    [7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
    [-] 2012-02-17 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
    .
    [-] 2012-02-17 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
    [7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\C\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\C\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\C\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\C\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="m:\vidya\Steam\steam.exe" [2011-08-02 1242448]
    "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2010-11-07 3257696]
    "F.lux"="c:\users\C\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
    "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2011-02-04 2346496]
    "uTorrent"="m:\programs\uTorrent\uTorrent.exe" [2011-11-15 641400]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]
    "CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]
    .
    c:\users\C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Default.lnk - c:\users\C\AppData\Roaming\Realtime Soft\UltraMon\3.0.10\Profiles\Default.umprofile [N/A]
    Dropbox.lnk - c:\users\C\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2010-8-30 29310]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
    R3 EuMusDesignVirtualAudioCableWdm_gna;GenAudio AstoundSound (WDM);c:\windows\system32\DRIVERS\vacgnakd.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
    S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
    S2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe [2007-03-16 566704]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-13 24168]
    S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [x]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - CMDERD
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \shell\AutoRun\command - E:\autoplay.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \shell\AutoRun\command - F:\OblivionLauncher.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - G:\Autorun.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    \shell\AutoRun\command - H:\setup.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
    \shell\AutoRun\command - I:\launcher.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4244408742-1591959250-2308768104-1001Core.job
    - c:\users\C\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-11 07:23]
    .
    2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4244408742-1591959250-2308768104-1001UA.job
    - c:\users\C\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-11 07:23]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\C\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\C\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\C\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\C\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\guard64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    TCP: DhcpNameServer = 217.20.29.9 217.20.22.2
    FF - ProfilePath - c:\users\C\AppData\Roaming\Mozilla\Firefox\Profiles\qags5fby.default\
    FF - prefs.js: browser.startup.homepage - www.google.co.uk
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    Wow6432Node-HKCU-Run-RGSC - m:\vidya\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
    Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-AMK MOD_is1 - c:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\unins001.exe
    AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
    AddRemove-Deus Ex - m:\vidya\Deus Ex\System\Setup.exe
    AddRemove-PunkBusterSvc - m:\vidya\APB RELOADED\Binaries\pbsvc_apb.exe
    AddRemove-S.T.A.L.K.E.R. - Shadow of Chernobyl_is1 - c:\program files (x86)\Steam\steamapps\common\stalker shadow of chernobyl\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe
    AddRemove-{10CD364B-FFCC-48BE-B469-B9622A033075} - c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4244408742-1591959250-2308768104-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:4d,fa,4a,7e,f4,43,e4,f7,4b,00,b7,ee,c5,84,58,76,9b,a1,64,b2,d2,9b,00,
    82,2b,9b,29,e8,22,67,93,5d,8f,b9,35,0d,09,d7,39,92,55,2c,f3,dd,42,12,8f,cd,\
    "??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
    .
    [HKEY_USERS\S-1-5-21-4244408742-1591959250-2308768104-1001\Software\SecuROM\License information*]
    "datasecu"=hex:1f,48,c7,46,f5,46,b8,08,c7,5f,11,1d,23,6d,b9,e7,40,3f,b5,c1,85,
    95,d5,21,d7,8e,8c,bb,b0,db,74,c0,2d,b7,58,4f,30,8a,99,f7,94,10,60,32,6d,ce,\
    "rkeysecu"=hex:67,81,e0,ee,b2,4a,c7,b5,30,a1,94,15,f9,ca,ce,8a
    .
    [HKEY_USERS\S-1-5-21-4244408742-1591959250-2308768104-1001_Classes\Wow6432Node\CLSID\{538e35e5-6a2e-42c7-a665-494e73f585c6}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000136
    "Therad"=dword:00000014
    .
    [HKEY_USERS\S-1-5-21-4244408742-1591959250-2308768104-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):3d,0c,5c,72,88,8b,77,bc,4f,b5,61,e2,33,be,e4,fa,75,f7,a2,cc,3c,
    70,55,2c,f1,75,a8,e2,0e,a1,30,d1,43,38,e1,24,ad,4b,e1,cf,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-4244408742-1591959250-2308768104-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):c4,de,26,84,d0,24,e9,f6,16,8a,ab,11,50,76,2e,e1,7b,8c,35,81,2b,
    81,a8,9d,a1,3d,aa,cb,41,27,51,24,2d,ae,97,0f,e0,d1,af,3a,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-4244408742-1591959250-2308768104-1001_Classes\Wow6432Node\CLSID\{915307c6-1696-45ee-a98e-c5ad0af8934f}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\PnkBstrA.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-03 16:03:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-03 16:03
    .
    Pre-Run: 32,270,176,256 bytes free
    Post-Run: 41,098,715,136 bytes free
    .
    - - End Of File - - B4C77BC00195AB40A9A56B4D802269F8



    And now the ESET Scan log. Consider me humbled for displaying my use of cracks and frank naming of folders:



    C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan
    C:\Users\C\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\459525e4-7b53b7e6 multiple threats
    M:\Downloads\cnet_MTInstall_exe.exe a variant of Win32/InstallCore.D application
    M:\Downloads\Digital_Insanity_1.9_Keygen.rar a variant of Win32/Packed.VMProtect.AAD trojan
    M:\Downloads\LazyNewbPack[0.31.19][V8.0].zip multiple threats
    M:\Downloads\LazyNewbPack[0.31.25][V9.1].zip multiple threats
    M:\Downloads\SKIDROW.rar a variant of Win32/Packed.VMProtect.AAA trojan
    M:\Downloads\Oblivion Mods and ****\SKIDROW.rar a variant of Win32/Packed.VMProtect.AAA trojan
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      
      :Files 
      C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll
      C:\Users\C\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\459525e4-7b53b7e6 
      M:\Downloads\cnet_MTInstall_exe.exe 
      M:\Downloads\Digital_Insanity_1.9_Keygen.rar 
      M:\Downloads\LazyNewbPack[0.31.19][V8.0].zip 
      M:\Downloads\LazyNewbPack[0.31.25][V9.1].zip 
      M:\Downloads\SKIDROW.rar 
      M:\Downloads\Oblivion Mods and ****\SKIDROW.rar 
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    =============================================
    Please update Java (Java Updates). Uninstall any earlier versions in Add/Remove Programs, as they are vulnerabilities for the system.

    Be sure to check all download screens for any pre-checked toolbars or BHOs; if found, remove the check before the download.
    ===============================================
    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    =====================================
    While I appreciate your honesty, I don't support piracy, so to continue support, you will need to remove all pirated software.
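    The steps above (move the listed files out of the way, log what was moved, then check which Java versions are still installed) can be reproduced without OTMoveIt3 from an elevated PowerShell prompt. The script below is an added example written for this page; it is not code from the thread, from Old Timer or from TechSpot. It uses the file paths Bobbye listed, hashes each file with SHA-256 before moving it so the sample can be identified later, keeps the original drive/folder layout under a quarantine folder (the folder name C:\_Quarantine is this example's own choice), and writes a Date-and-Time log in the same mmddyyyy_hhmmss.log style. File names with square brackets (the LazyNewbPack zips) are passed with -LiteralPath, because PowerShell otherwise treats the brackets as wildcards.

```powershell
# Added example, not part of the original thread. Run as Administrator.
# Quarantine folder name and log format are assumptions of this example.
$QuarantineRoot = 'C:\_Quarantine'
$Targets = @(
    'C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll',
    'C:\Users\C\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\459525e4-7b53b7e6',
    'M:\Downloads\cnet_MTInstall_exe.exe',
    'M:\Downloads\Digital_Insanity_1.9_Keygen.rar',
    'M:\Downloads\LazyNewbPack[0.31.19][V8.0].zip',
    'M:\Downloads\LazyNewbPack[0.31.25][V9.1].zip',
    'M:\Downloads\SKIDROW.rar'
)

function Get-FileSha256 {
    param([string]$Path)
    # Get-FileHash only exists on PowerShell 4+; use .NET directly so this
    # also works on the Windows 7 / PowerShell 2 machine in the thread.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try   { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

function Move-ToQuarantine {
    param([string[]]$Paths, [string]$Root)
    [System.IO.Directory]::CreateDirectory($Root) | Out-Null
    $log = Join-Path $Root ((Get-Date -Format 'MMddyyyy_HHmmss') + '.log')
    foreach ($p in $Paths) {
        # -LiteralPath: '[' and ']' in a file name are wildcard characters otherwise.
        if (-not (Test-Path -LiteralPath $p)) {
            "NOT FOUND`t$p" | Add-Content -Path $log
            continue
        }
        # Keep drive letter and folders under the quarantine root so a false
        # positive can be put back where it came from.
        $rel     = $p -replace '^([A-Za-z]):', '$1'
        $dest    = [System.IO.Path]::Combine($Root, $rel)
        $destDir = [System.IO.Path]::GetDirectoryName($dest)
        [System.IO.Directory]::CreateDirectory($destDir) | Out-Null
        try {
            $hash = Get-FileSha256 -Path $p
            Move-Item -LiteralPath $p -Destination $dest -Force -ErrorAction Stop
            "MOVED`t$hash`t$p -> $dest" | Add-Content -Path $log
        } catch {
            # A DLL still loaded by a running process cannot be moved; record it
            # rather than skip it silently, and deal with it after a reboot.
            "LOCKED`t$p`t$($_.Exception.Message)" | Add-Content -Path $log
        }
    }
    $log
}

function Get-InstalledJava {
    # Every installed Java shows up under the Uninstall key; on x64 Windows the
    # 32-bit JRE is registered under WOW6432Node.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        Get-ChildItem $k | ForEach-Object {
            $prop = Get-ItemProperty $_.PSPath
            if ($prop.DisplayName -like 'Java*') {
                New-Object PSObject -Property @{
                    Name      = $prop.DisplayName
                    Version   = $prop.DisplayVersion
                    Uninstall = $prop.UninstallString
                }
            }
        }
    }
}

$logFile = Move-ToQuarantine -Paths $Targets -Root $QuarantineRoot
Get-Content $logFile
# Anything older than the current release in this list should be uninstalled.
Get-InstalledJava | Format-Table Name, Version -AutoSize
```

The log records a hash for every file it moved, so a file that was renamed or replaced before the scan (the situation Bobbye raises in the next reply) shows up as NOT FOUND rather than being confused with a successful move, and a DLL that a running game launcher still holds open is reported as LOCKED instead of hanging the script.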
  5. LainWhite

    LainWhite TS Rookie Topic Starter

    Hrmm. At the risk of sounding like an impatient fool, is OTMoveIt3 a program that takes a good length of time to do its thing? It's been stuck as "Not Responding" for a good 20 minutes or so now, and the only thing listed in the "Results" is this:

    All processes killed
    ========== FILES ==========
    DllUnregisterServer procedure not found in C:\Program Files

    I'm unsure if the listed directory continues past the window, since the program locks up and I obviously can't use the scrollbar. Advice?

    :EDIT:

    Okay, it stayed like that for a few hours before I gave in. Here's the full directory:


    All processes killed
    ========== FILES ==========
    DllUnregisterServer procedure not found in C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_ra.dll
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    If you have changed the name of a file, the scanner may not be able to find the file.

    Please run the CKScanner